2016 Privacy Check Up – A Buzzing Crow Exclusive

Since before the dawn of the internet, businesses, and advertisers more specifically, have had a vested interest in understanding their markets and figuring out formulas to engage and expand their customer base. As the internet matures, technical means to satisfy this end continue to become more and more intrusive, to the point that the expectation of privacy online has practically dissolved for all but the technically savvy.

Fortunately for you, the Crow is here to help with a mini-series that – effective at the time of this article’s publishing – breaks down how to control and manage your privacy on social media and beyond. Without proper protection it’s safe to assume that everything you publish, ranging from comments on a YouTube video to publicly available Facebook posts, can and will live indefinitely on servers beyond your control.

Before we get started, let me qualify this article with the following caveats:

I am not trying to scare you.

I am not trying to sell you anything.

I am not anti-social media.

I am trying to raise awareness and empower you as a human being.

I will assume you have a limited understanding of the fundamentals of IT, and as such, I will attempt to present information in a fashion that is easy to understand.

For the not-so-technically-inclined, here’s how it works:

As soon as you open your internet browser, your browser will attempt to establish a connection to whatever server you’ve set as your homepage. If your homepage is set to Google.com, for example, as soon as you launch your browser it will attempt to establish a connection to Google’s server. The real “under the hood” magic begins when you start your search for something.

Every search is individually tracked, and if you happen to be logged into a Google account at the time, that information is associated with your overall “profile”. Familiarize yourself with “keyword marketing”. SEO companies have been using this technique for years to reach target audiences. Google is an “interest aggregate” for these companies, which we’ll talk more about shortly.

The internet itself is a mesh of millions of servers, “serving” files when you visit them or redirecting you to other servers (click here for example). If you clicked that link, a new tab opened up and you just established a connection with the White House’s Briefing Room (whitehouse.gov/briefing-room). The “briefing-room” page is located on a server (23.43.247.204) which has been configured to serve a webpage when someone visits that address.

The server needs to know a few things before it can route you correctly, so it analyzes the connection’s headers (TCP/IP) to determine where you’re coming from and where you’re trying to go. If it’s a valid location on a server, authentication occurs and after a handshake BOOM – connection established. If the firewall is configured not to allow access to the resource you’re trying to visit, a garden variety permission error or 404 (page not found) is returned. Servers are designed to collect information, process input and handle requests accordingly.

After you’ve established the initial connection, your activity is audited and the information is used by the server to handle subsequent requests. Depending on its configuration, the server can hang onto this information for as little or as long as is required. Infrastructure to accommodate this data was initially very costly. We now live in the age of the Petabyte, and data mining has become progressively easier and cheaper to do.

Out of the box, most servers come equipped with built-in auditing tools that allow an administrator to view real-time network traffic with metrics ranging from what server referred you to how long you stayed on a given page. More advanced configurations can determine precisely how long you hovered over an ad before clicking it. They are essentially extremely flexible super-computers that exist to serve their owner and are a reflection of us as a society: mostly good people sprinkled with bad actors here and there.

In the interest of clarity and full disclosure, let’s have a quick look at Buzzing Crow’s Wordfence traffic log. Wordfence is a popular plugin for WordPress installed as an added layer of security for WordPress users. It protects against suspicious activity and DDOS-style attacks but offers statistical traffic analysis as well. Keep in mind the following information is not unique to this plugin; this information is available on practically every server on the internet. Below is a digestible view of some of the information a server collects when you visit a webpage:

(IPs blurred to protect the innocent)

IP address, Operating System Build, Browser Version, Location, Referrer, Host Name, Page Visited – this is all by design. Many network protocols, including TCP/IP, require several of these facts to display the page correctly, so nothing extraordinary is happening here outside of displaying information your browser already sent requesting the page from the BuzzingCrow.com server.
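To make that list concrete, here is an added example (not part of the original article and not Wordfence’s code) that reads the same kind of facts out of raw web server log lines. It assumes the widely used Apache/nginx “combined” log layout; the sample lines and the function names are constructed for illustration.

```python
import re

# Apache/nginx "combined" access-log layout (assumed here; the Wordfence view
# in the article is a friendlier rendering of similar fields).
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines; the IPs come from ranges reserved for documentation.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Oct/2016:09:14:02 -0400] "GET /privacy-check-up/ HTTP/1.1" 200 18432 "https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36"',
    '198.51.100.23 - - [12/Oct/2016:09:15:40 -0400] "GET /about/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7"',
]

def guess_platform(agent):
    """Rough OS/browser guess from the User-Agent string the browser sent."""
    os_name = next((name for token, name in
                    (("Windows NT 10.0", "Windows 10"), ("Mac OS X", "macOS"),
                     ("Android", "Android"), ("Linux", "Linux"))
                    if token in agent), "unknown")
    # Order matters: Chrome's User-Agent also contains "Safari".
    browser = next((name for token, name in
                    (("Firefox/", "Firefox"), ("Chrome/", "Chrome"), ("Safari/", "Safari"))
                    if token in agent), "unknown")
    return os_name, browser

def visitor_profile(line):
    """Return the per-visit facts a server can read from one log line, or None."""
    m = COMBINED.match(line)
    if m is None:
        return None  # malformed line or a different log format
    os_name, browser = guess_platform(m["agent"])
    return {
        "ip": m["ip"],  # taken from the network connection itself
        "time": m["time"],
        "page": m["path"],
        "referrer": None if m["referrer"] == "-" else m["referrer"],
        "os": os_name,
        "browser": browser,
    }

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(visitor_profile(line))
```

Location and host name do not appear in the log line; a server derives them from the IP address with a geolocation database and a reverse DNS lookup.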

“Okay cool. They know where I’m coming from. Should I be concerned?”

This is an essential part of the network protocol that you’re using to view this page. If the server doesn’t know where you come from or where you’re going, it can’t do its job and route you appropriately. Businesses use this information to serve geo-based advertisements, hoping to get you to click on consumer goods and services that might be of interest to you and others in your area. The log above is just a quick example of the information captured when you visit a website.

Here’s the rub: your IP address is often used to track your activity online and marketers aren’t the only ones interested in your online dealings. Politicians are interested in your political leaning, your charitable contributions/donations, the size of your bank account, and how willing you are to turn out to vote. News organizations are interested in how their news is consumed. Webmasters are interested in the kind of traffic they receive, and where it’s coming from. Copyright holders are interested in protecting their work online, fighting piracy and unauthorized sales of copyrighted materials. Intelligence agencies such as the NSA are interested in your online activity as well.

“Are there ways to get around this constant influx of people attacking my privacy?”

The short answer is yes. It is entirely possible to enjoy all online has to offer, privately, without warrantless captures of your private data, but first we need to address the elephant in the room: what you give willingly to social media outlets.

Before we do though, let’s back up to a buzzword still thrown around that simply will not die: the cloud. We’ll also put to bed any misconception of what exactly the cloud is. The cloud, simply put, is a server located outside of your intranet. When you’re using a “cloud-based application”, you’re essentially running a program that resides on a server outside of your home or business network. When you use Dropbox, Google, Facebook, Twitter, Pandora, LinkedIn or any other application that isn’t run locally on your system, you’re leveraging a “cloud service”. Even though “cloud computing” has only entered the public’s lexicon in the past decade, the idea dates all the way back to “dumb terminals” in the 1950s, which relied on mainframes to do all the heavy lifting. How this ties into our topic is the relationship of your data to someone else’s server.

Many of you already understand that the information you post to another site is housed on a remote server, in a database, ideally secured somewhere in a closely monitored data center. Very few grasp that in doing so, you are putting your data’s security into the hands of administrators that are prone to human error, on hardware that is capable of fault. While redundancy has afforded servers close to 99.9% uptime, they are increasingly subject to infiltration and government investigation. Take the recent Yahoo! hack, for example.

“Anonymity on the internet only benefits people doing unlawful things, right?”

Wrong. Most hackers you read about buy tools they leverage to gain access to large, complex networks. They target highly sensitive data and confidential databases that house employee and customer names, addresses, phone numbers, credit card info, social security numbers, associated accounts and passwords – all the ingredients necessary to steal someone’s identity online. If that happens to be a major social media outlet, your data may be at risk as well. Fortunately, the caretakers of this data go to great lengths to keep this information safe and encrypted (user confidence in their services mandates they do) but when it comes to technology, it’s impossible to guarantee that your data will remain safe indefinitely.

“How do I protect myself?”

Personal responsibility with your private data is a start. While security on the internet has come a very long way since its public inception, as with anything that gains popularity, it has become an increasingly large target vulnerable to attack. Encryption, private VPNs, and security-driven email providers are all worth researching and investing a couple bucks in to safeguard your privacy online. A VPN that masks your IP and encrypts internet traffic is well worth the money. Leveraging privacy-centric browsers like Tor coupled with search engines like Startpage and DuckDuckGo can dramatically decrease your online visibility as well. Not all VPNs are created equal and most of the time, you’ll get what you pay for. An unbiased look at different providers is the subject of a future BC article, but the time has come for the inevitable:

“The “Social Media” lecture?”

You’ve heard it before but it bears repeating: when a service is provided to you for free, you are the product. Buried in the carefully worded TOS agreements we don’t read (and blindly accept) is acknowledgement that you agree the service provider can collect and use pretty much every bit (no pun intended) of data it’s legally allowed. They’re peppered with text indicating that it’s generally used for marketing purposes and to better understand their audiences, but in a majority of cases, your info may also be shared with “third-parties”. Third-parties are usually not defined and are often left open to interpretation. This means when you agree to these terms, you open a flood gate allowing the provider the ability to market your information to their partners.

Be extremely wary of sites that rely on your subscription to other third-party services, such as sites that only allow you to log in via Facebook and Twitter. These sites typically access your account details through their respective APIs and most of us forget (or don’t even know how) to remove app authorization requests within our social media security settings. We’ll touch on this more later but for now, understand that privacy is very easy to give away but can be very difficult to reclaim.

Social media is a very powerful tool that allows us to create, share, learn, and engage the global community. It has already reshaped and improved the world, bringing accountability and awareness to issues that require our attention that the media may not report on. Before the dawn of the internet, access to information was limited to television, radio, and print formats exclusively. With social media, we’ve done away with the gatekeepers that decide what news is relevant. While the benefits of this reshaping are overwhelming, we must be mindful of the unforeseen consequences that arise when our data falls into the wrong hands.

The usefulness of this information has spawned the business need for “social media managers” who are typically in charge of maintaining a company’s social media presence, but also measure their audience using analytical data that’s built into just about every ad campaign on the internet. And their jobs are getting increasingly easier.

This is largely because you, as the user, do all the work they used to pay someone else to do. Your likes, mentions, comments, tweets, along with the groups you join, help build lists they use to target specific audiences. In the sales world these are referred to as “leads”. If this information is gold to advertisers, it’s platinum to Google. Advertisers pay Google per click to display ads tailored to you based off the information Google has collected about you which may include your:

name

income

interests

address

location

gender

ethnicity

employer/employment status

age

marital status

political affiliation

sexual orientation

In most cases, this is information you willingly divulge on social media platforms and agree to share with third parties or other app providers. It’s possible to maintain the balance between privacy, security and accessibility, but only if we pay attention to the terms we’re agreeing to when we use a service. Demand transparency in a service’s terms of service, or avoid the service. If you have a question about something you’ve read within a TOS, e-mail the provider directly for clarification. Publish abuse and hold companies that don’t respect your individual rights accountable. This doesn’t happen exclusively in a courtroom. Mass social exodus can impact bottom lines. If Twitter or Facebook were to shut down today, tomorrow alternate companies would emerge to fill the void. Remember: these platforms need you much more than you need them.

Finally, technology is a powerful gift – within it lies the ability to create and destroy. As it evolves, we must be mindful of its impact and careful stewards of the freedoms it offers. The line between a business’s interests and a person’s individual liberty can at times be blurred, and accountability can be much easier to dodge in the digital world.

Having said that, let’s have a look at how you can manage your data within a few social outlets. We won’t touch on them all, but we’ll target the heaviest platforms individually below. This is a great opportunity to run through your privacy settings as we go through each platform.